kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
394 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

236 Commits

Author SHA1 Message Date
p0lyn0mial 42d367c84c register all generic admission plugins when AdmissionOptions are created. 
lifecycle plugin: make use of the libraries under k8s.io/client-go/pkg/api and k8s.io/client-go/kubernetes
for the client libraries instead of k8s.io/kubernetes/client/*

move registration to AdmissionOptions

Kubernetes-commit: 77eb2f39500f1fcf66899ea557791e7bca851449
 2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski a177d01bf0 audit: uniform 2 or 3 events for short/long running requests 
Kubernetes-commit: 548f7be8fa10b6cbedcf179af088536e76a6c0e3
 2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski 636c532e31 audit: fill in stage 
Kubernetes-commit: 1e94185f4425551f1c81ba7bbdbae110bc317abd
 2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski 8b776edc46 audit: fill in sub-resource 
Kubernetes-commit: 019003b9266872f912b188708583141a34561007
 2017-06-13 20:47:29 +00:00
Dr. Stefan Schimanski f695ec4d4b audit-types: add Panic stage 
Kubernetes-commit: 3e9c8aaac689d9b0a11849b09aced266b48b3af8
 2017-06-13 20:47:29 +00:00
Tim St. Clair a54d901fa7 Fix audit level none 
Kubernetes-commit: 93e1e54e290325d82e41d50f64057323879bdef2
 2017-06-13 20:47:29 +00:00
Walter Fender 5428bc23d8 Change to aggregator so it calls a user apiservice via its pod IP. 
proxy_handler now uses the endpoint router to map the cluster IP to
appropriate endpoint (Pod) IP for the given resource.
Added code to allow aggregator routing to be optional.
Updated bazel build.
Fixes to cover JLiggit comments.
Added util ResourceLocation method based on Listers.
Fixed issues from verification steps.
Updated to add an interface to obfuscate some of the routing logic.
Collapsed cluster IP resolution in to the aggregator routing
implementation.
Added 2 simple unit tests for ResolveEndpoint

Kubernetes-commit: ad8a83a7c1741efb507d924a17eb809748ee2e06
 2017-06-13 20:47:29 +00:00
deads2k 10de73bc53 move CRD behind TPR 
Kubernetes-commit: 18177e2bdeafbddeb3d66fec0b8cb88794cd69ff
 2017-06-13 20:47:29 +00:00
p0lyn0mial d3a026ac63 move namespace lifecycle plugin to apiserver 
Kubernetes-commit: 1a5da9afc804eed6630caa1a17540d1a171b211a
 2017-06-13 20:47:29 +00:00
Monis Khan 6794013a5b Panic server on watch errors in test environment 
This change makes it so that errors during watch decoding panic the
server if it is in a test environment.  This allows us to catch coder
errors related to storing incompatible types at the same location in
etcd.

Signed-off-by: Monis Khan <mkhan@redhat.com>

Kubernetes-commit: a13f026fd012859f04467e6007e2cafe4a788927
 2017-06-13 20:47:29 +00:00
Tim St. Clair 8ff532a4cb Implement audit policy logic 
Kubernetes-commit: a5de309ee261aea15bb1cc12647b32640c2ac196
 2017-06-13 20:47:28 +00:00
Cao Shufeng 7618d3f6da Fix doc about Verb for advanced audit feature 
Kubernetes-commit: 312d117f51972fdaaf691100452942c61e163224
 2017-06-13 20:47:28 +00:00
Monis Khan 844a0a7812 Require DeleteStrategy for all registry.Store 
All registry.Store objects already set a non-nil DeleteStrategy.
This change ensures that all future objects do so as well.

Signed-off-by: Monis Khan <mkhan@redhat.com>

Kubernetes-commit: 08fcd79e1f4b9d3efe0a20ea4ce4fdf5ffea0531
 2017-06-13 20:47:28 +00:00
Clayton Coleman 2f49bbbf91 Subresources are not included in apiserver prometheus metrics 
Subresources are very often completely different code paths and errors
generated on those code paths are important to distinguish.

Kubernetes-commit: ad431c454c1306fdcc2134a3626444984d350f46
 2017-06-13 20:47:28 +00:00
Tim St. Clair dac438aa53 Update existing code for audit API changes 
Kubernetes-commit: 4c54970d31f0e35f21247514fb946081e6ee0be5
 2017-06-13 20:47:28 +00:00
p0lyn0mial ecba80695f remove init blocks from all admission plugins 
Kubernetes-commit: c5019bf6962475ffff94ef4993bdc651b79f650c
 2017-06-13 20:47:28 +00:00
Tim St. Clair 4fa7bd1587 Generated code 
Kubernetes-commit: 7bc9b3004956e84dd29ab66a7fb24e9924d960b7
 2017-06-13 20:47:28 +00:00
Tim St. Clair 78e974150d Append X-Forwarded-For in proxy handler 
Kubernetes-commit: 6875e953782076237a0c20facc05eeb5d49aa161
 2017-06-13 20:47:28 +00:00
Tim St. Clair 2c15f760d9 Update audit API with missing pieces 
Kubernetes-commit: 4c98cab4dbccdc6ba005c08bf45c48aeb8e142b9
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski 94ea219615 Update bazel 
Kubernetes-commit: 9fdc36a47ada0bc34ee53b68edd085d368ed9012
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski ec8d130fa7 audit: wire through non-nil context everywhere 
Kubernetes-commit: ce942d19c378ecd335e7e158e30cdc184f9d6184
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski f7d766d92d audit: add audit event to the context and fill in handlers 
Kubernetes-commit: 0b5bcb021932355b3ff7c2b45fb579f4adad84bf
 2017-06-13 20:47:28 +00:00
Dr. Stefan Schimanski 6bd3c73150 apiserver: move LongRunningRequestCheck type into endpoints/request 
Kubernetes-commit: c1bf6e832e2887ef6cd0e7b7fa97a168fdf474e5
 2017-06-13 20:47:27 +00:00
Wojciech Tyczynski 1d0b329280 Pass RequestInfo to GenerateLink 
Kubernetes-commit: b4018f7da18f1e61e59c5c48cae4178db2714f85
 2017-06-13 20:47:27 +00:00
Clayton Coleman 08910cc6fc Cache watch returns incorrect object on DELETED events 
The underlying storage has always returned the old object on watch
delete events when filtering. The cache watcher does not, which means a
downsteam caller gets different behavior.

This fixes the cache watcher to be consistent with our long term
behavior for watch. It may result in a behavior change (the filter
becomes more precise) but this was a regression in behavior.

Kubernetes-commit: e9e69356e4907fa4d0f45ea7e7768357ba71aba9
 2017-06-13 20:47:27 +00:00
Wojciech Tyczynski d82b8bc329 Pass Context to GenerateLink 
Kubernetes-commit: 25f0fe1adb199697565487b9dfacc4ed8ecdccbb
 2017-06-13 20:47:27 +00:00
deads2k 283dd09ef7 tighten and simplify owners in some staging repos 
Kubernetes-commit: e7871dbab26459163fd916b83563c4815c7ca43c
 2017-06-13 20:47:27 +00:00
Jordan Liggitt 781a66f4fb Return MethodNotSupported when accessing unwatcheable resource with ?watch=true 
Kubernetes-commit: da8ae29620811f3dc058e0e665d402a208a1fe6c
 2017-06-13 20:47:27 +00:00
Morgan Bauer 5f3d0e25c7 documentation for implementors of RESTCreateStrategy 
Kubernetes-commit: 1033c976f0bc5a25ae772fa92c724c5b2caea39e
 2017-06-13 20:47:27 +00:00
Clayton Coleman ec289c4e0b Refactor move of client-go/util/clock to apimachinery 
Kubernetes-commit: 3e095d12b4f152a45b593927804e2e7b8816239a
 2017-05-21 17:28:01 +00:00
Clayton Coleman 01a774be49 Move client-go/util/clock to apimachinery/pkg/util/clock 
For reuse

Kubernetes-commit: 8013212db54e95050c622675c6706cce5de42b45
 2017-05-21 17:28:01 +00:00
Clayton Coleman 3cbbcf996a Move pkg/util/cache to apimachinery 
Will be used by client-go as well

Kubernetes-commit: 529e627c8a4338d48cd2bf658303bac6fef6aaaa
 2017-05-21 17:28:01 +00:00
mbohlool 032de8d661 Update bazel 
Kubernetes-commit: 4d4abf3ba625488bd8a1b577f15b85db3c0fccac
 2017-05-21 17:28:01 +00:00
mbohlool e57f74f648 bugfix: form parameters should have type in OpenAPI spec 
Kubernetes-commit: 4b0fbfe1ee23e5498ecc4786d3eeec222710473b
 2017-05-21 17:28:01 +00:00
mbohlool d5a4874935 Add protobuf binary version of openapi spec 
Kubernetes-commit: 161b480107d94fae0373a2d7221413ec7a816229
 2017-05-21 17:28:01 +00:00
yupengzte e701e40544 format re 
Signed-off-by: yupengzte <yu.peng36@zte.com.cn>

Kubernetes-commit: 9eee70656fc411029c91edafdbfa327eb0736528
 2017-05-20 17:28:13 +00:00
Shyam Jeedigunta b10ed3c56c Copy static variable 'verb' before instrumenting APIserver call to prevent overwriting 
Kubernetes-commit: 4d457f55f4b190012440c8a454a2aee338a42c4d
 2017-05-19 17:28:21 +00:00
Tim St. Clair b2138bb657 Update generated files 
Kubernetes-commit: 6565f68cfab218c1c143edc8028f2bc2183b4150
 2017-05-19 17:28:21 +00:00
Tim St. Clair d9744c1278 Add internal audit API types 
Kubernetes-commit: cdacc1f6dfe85b99a0e8da7b1081eadeee1258ff
 2017-05-19 17:28:21 +00:00
Christoph Blecker 64f3b76260 Update generated files 
Kubernetes-commit: 4361a9146e34d74fce9c0193b11b920ffbd0eda8
 2017-05-18 17:28:00 +00:00
Dr. Stefan Schimanski 2a11524990 apiserver: no Status in body for http 204 
Kubernetes-commit: 8902dae1c4e12a0b5933beb965b148b4150c970d
 2017-05-17 17:27:53 +00:00
Clayton Coleman 0bd7c5925e generated: bazel 
Kubernetes-commit: 7827899b1dd22074eb230e241f63e69499046fb6
 2017-05-17 17:27:53 +00:00
Clayton Coleman 4ec184826d Allow config to accept a Transformer 
Kubernetes-commit: 4f27d8feea0cbb7634554ef8af1ad6265738a2a1
 2017-05-17 17:27:53 +00:00
Clayton Coleman f27996225a Update etcd3 storage to leverage storage/value interfaces 
Adds context argument which must be set for AES GCM authenticated data
to be passed.

Kubernetes-commit: a73990a33f95713f026ee7ae9ae6741255aaf8e4
 2017-05-17 17:27:53 +00:00
Clayton Coleman 0fb460572a Add an AEAD encrypting transformer for storing secrets encrypted at rest 
Tweak the ValueTransformer interface slightly to support additional
context information (to allow authenticated data to be generated by the
store and passed to the transformer). Add a prefix transformer that
looks for known matching prefixes and uses them. Add an AES GCM
transformer that performs AEAD on the values coming in and out of the
store.

Kubernetes-commit: f418468c87d3071c5d9ed14ce850996c77251080
 2017-05-17 17:27:53 +00:00
Cao Shufeng 549abf6787 Fix docs for advanced audit 
Kubernetes-commit: 22ba5eb0756d4eb936db3d911be7a79fffbb142e
 2017-05-17 17:27:53 +00:00
Tim St. Clair ccd060c4df hack/update-bazel.sh 
Kubernetes-commit: 951aa18225ed27d3f6b181c9403e4c4755c30ae1
 2017-05-16 17:27:51 +00:00
Tim St. Clair 801bfb00d4 Internal audit API 
Kubernetes-commit: ce2d57802f984678bc6ea0143c63602e0a4fb54e
 2017-05-16 17:27:51 +00:00
p0lyn0mial b10e93e2f5 bazel update 
Kubernetes-commit: 7b0950b298c876668d469d4b5b2ad7a4dcd344fc
 2017-05-16 17:27:51 +00:00
nikhiljindal 404503d3e6 Updating generic registry to return UID while deleting the object 
Kubernetes-commit: 44fc88cecd5ab175fe7907eb7b975f0a00cb2305
 2017-05-16 17:27:51 +00:00